In Exchange 2013, partner applications authorized by Exchange can access their resources after they're authenticated using server-to-server authentication. A partner application can authenticate by using self-issued tokens trusted by Exchange or by using an authorization server trusted by Exchange. You can use the New-AuthServer cmdlet to create a trusted authorization server object in Exchange 2013, which allows it to trust tokens issued by the authorization server.

Use the Set-AuthServer cmdlet to enable or disable the authorization server, change the AuthMetadataUrl parameter, or refresh authorization metadata.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Partner applications - configure" entry in the Sharing and collaboration permissions topic.

The Identity parameter specifies the identity of authorization server.

ApplicationIdentifier

Optional

System.String

This parameter is reserved for internal Microsoft use.

AppSecret

Optional

System.String

This parameter is reserved for internal Microsoft use.

AuthMetadataUrl

Optional

System.String

The AuthMetadataUrl parameter specifies the URL of the authorization server. This can be the AuthMetadataUrl of your Microsoft Exchange Online organization.

Confirm

Optional

System.Management.Automation.SwitchParameter

The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.

Enabled

Optional

System.Boolean

The Enabled parameter specifies whether the authorization server is enabled. Only enabled authorization servers can issue and accept tokens. Disabling the authorization server prevents any partner applications configured to use the authorization server from getting a token.

IsDefaultAuthorizationEndpoint

Optional

System.Boolean

The IsDefaultAuthorizationEndpoint parameter specifies whether this server is the default authorization endpoint. This server's authorization URL is advertised to calling partner applications, and applications need to get their OAuth access tokens from this authorization server.

Valid input for this parameter is $true or $false. The default value is $false.

IssuerIdentifier

Optional

System.String

This parameter is reserved for internal Microsoft use.

Name

Optional

System.String

The Name parameter specifies a name for the authorization server.

RefreshAuthMetadata

Optional

System.Management.Automation.SwitchParameter

The RefreshAuthMetadata switch specifies whether Exchange should refresh the auth metadata from the specified URL.

TokenIssuingEndpoint

Optional

System.String

This parameter is reserved for internal Microsoft use.

TrustAnySSLCertificate

Optional

System.Management.Automation.SwitchParameter

The TrustAnySSLCertificate switch specifies whether Exchange should accept certificates from an untrusted certification authority. We don't recommend using this switch in a production environment.

WhatIf

Optional

System.Management.Automation.SwitchParameter

The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.